software vendors are firmly locked into the attitude that you, LICENSOR, have no rights other than to buy new stuff when we drop support for the old stuff and design the new stuff to only superficially work with the old stuff.

like, for instance, all of the "cool features" use new runtimes and new features, and none of it is backwards compatible.

so is anybody really surprised here? if the user hash code field they recover is all over the warez circuit, no matter what the EULA says, someday the number of hits on you is going to run over some trigger number in update. at that point, you will run into a block.

had to reinstall windows ME legally on a machine last weekend. got all the critical updates pulled off on IE, and from that point on, update kept returning "thank you, you have a Mac, you can't update here." everything worked fine the next day, and I got the rest of the criticals done.

I can only assume they have all sorts of wonderful blocks and trigger numbers over there, and since they own the software and you own only a cancelled check, it's just tough damn luck.

My firewall detects the connections after doing manual installs. I know this because I've got production equipment we can't just let windows auto-update on. Based on my experience, WGA is just one of many apps/updates that phones home.

Again, it's been this way for quite a while, and the information does not "perfectly" identify you, but each install has its own signature as far as I can tell so they can deduce who you are pretty quickly.

Why do you care now as opposed to all of the other Microsoft's-evil-OS stories on /.?

Apparently. That message is not there anymore. Instead, Microsoft Update displays this:

Concerned about privacy? When you check for updates, basic information about your computer, not you, is used to determine which updates your programs need. To learn more, see our privacy statement [microsoft.com].

Well, see, they don't use the illegal IDs and product keys "to identify or contact users". But they do also grab the IP number that those came from. Now, they may not use that IP info either, but if a list of IP numbers and illegal product tags were to be passed along to, oh, say, the BSA (Business Software Alliance, not the Boy Scouts of America, aka the enforcers), and the BSA were to ask ISPs for a name and address corresponding to that IP...

So Microsoft isn't using that info (and certainly not that specific item of info) to contact users, but they might be passing it on to someone who is.

Typical Microsoft statement; parsed carefully and in the right context, it might well be literally true, and it sounds good, but it could well be misleading.

The difference is that yum can only infer that from data you voluntarily send to them every time you query for updates. Yum says "Send me the package list for FC6 on the x86 architecture", and that's it. The server gets your IP address as a side effect, and your system version. That's a far cry from that list of crap that Microsoft gets, and never says they're sending. I'm really not comfortable with sending all that info, especially since they don't explicitly state that it's happening. What other info can be asked for through their API? What about limits on info in the EULA? What other info might they send for "research" purposes?

At least in Finland, I can walk to every place that I suspect might have records on me and ask to be given those records, and the company or whatever, even the police, have to comply. AFAIK you can also ask for the data to be deleted.

Also, AFAIK according to Finnish law Microsoft (which does have a company in Finland too) should have in the open a document (or upon request) that specifies what information is being collected into their registers.

Too bad I don't use Windows :) but anyways.. I'm not a lawyer. It's just common sense that companies can't keep whatever records they want — secretly at least.

My brother works on the Windows update team in Redmond. Just to clear things up, here's what I know:

1) Since there are so many update events, the client software only sends a random sample (~10%) of all events to the server. This was added in one of the more recent changes to the Windows Update s/w.

2) Yeah, they have a *huge* data warehouse that they store all that info in. It's SQL Server 2005 and one of the larger SQL Server installs in the world. From what he tells me, they get millions of new rows each day, so they can only keep 1 year of data available online in the database (everything else gets moved off to tape or to another database). BTW, it's in the terabytes.

3) They use this data to help better serve their customers. They have a reporting/analytics solution built on top of that Data Warehouse. They can analyze history by region, by service pack, by language, etc. So they can make better strategic decisions with that info and in a more timely manner (it's updated daily).

Look, here's one example where that data is useful for them - if a few customers call up and say their update is failing, a tech support person can look at some data for that customer's region, or service pack, or update and see if there are any trends there to help move the case along (i.e. maybe a trend shows that a bunch of users with that OS are having problems with that update).

No comment on the privacy issues - all they know about is your computer's GUI and your IP address (i.e. city/state/zip or region/country). Some are ok with that, many aren't.